TOR no longer safe for anonymity

Pete Zaborszky

August 6, 2013

Wired is reporting that researchers have found a certain piece of malware that exploits a security flaw in Firefox, which can “deanonymise” users of the TOR network. The malware showed up on sites hosted on Freedom Hosting. While Freedom Hosting has questions to answer itself, since it has been widely used to distribute child pornography.

Tormail was used by a lot of people who genuinely needed it to avoid persecution. However, if you used the Tor network over the last few days, the FBI might well have identified exactly who you are. Unless you are blocking javascript and cookies, or clearing them often, in which case the malware wouldn’t have worked.

The article goes through the exact details, but there was an iframe on the page which could identify users and sent this data to a mysterious place in Virginia.

This recent issue shows worrying signs that the TOR network isn’t as safe as everyone thinks, which may be another reason to use VPNs instead. However, as long as you are aware of how malware works the TOR network is still good if you take the necessary precautions.